AMENDMENTS TO THE CLAIMS

Please amend the claims as follows: 

1. (Currently Amended) A system for at least one secure networking data transmission session between a requestor and a resource comprising:

a secure point of presence, wherein a networking protocol is implemented on the secure point of presence, and wherein the secure point of presence facilitates the creation of the at least one secure networking session between the requestor making a request and the resource;

a session layer implemented within the networking protocol, wherein the session layer maps authentication of the at least one secure networking session associated with at least one request to authorization information associated with the secure networking session, wherein the authorization information associated with the secure networking session defines permitted communications between the at least one resource and the at least one requestor for the at least one secure networking session.

2. (Currently Amended) The system of claim 1, wherein the session layer further comprises:

a trusted session sub-layer, wherein the trusted session sub-layer is implemented as part of the session layer, for networking session level authorization and maintenance; and

a reverse proxy for transferring data between the at least one resource and the at least one request.

3. (Currently Amended) The system of claim 2, wherein the network protocol stack layers below the trusted session sub-layer associated with the request are unaware of the existence of network protocol layers associated with the resource below the trusted session sub-layer.

4. (Original) The system of claim 1, wherein the session layer forms a bundle of transport layer connections between the at least one resource and the at least one request.
5. (Original) The system of claim 4, wherein a plurality of bundles of transport layer connections are joined to create a meta-session.

6. (Original) The system of claim 1, wherein the session layer maps ports onto itself. 

7. (Original) The system of claim 6, wherein the session layer associates a transport connection for data to pass from the at least one resource to the at least one request.

8. (Original) The system of claim 1, further including a trusted operating system. 

9. (Original) The system of claim 1, wherein the authorizations are dynamically updated. 

10. (Original) The system of claim 1, wherein no layer below the session layer communicates on 
a peer to peer level. 

11. (Original) The system of claim 1, wherein the session layer includes a sterile core.

12. (Original) The system of claim 1, wherein the session layer maps the authentication of users 
using a Secure Core rulebase. 

13. (Original) The system of claim 1, wherein resource identities are masked. 

14. (Original) The system of claim 1, wherein the authorization is dependent on a network 
interface of the at least one request. 

15. (Original) The system of claim 1, wherein the session layer provides an audit trail.

16. (Currently Amended) The system of claim 1, wherein the session layer can establish multiple 
bi-directional sessions with multiple requests, each session operating in a half-duplex 
manner. 

17. (Original) The system of claim 1, wherein the session layer mediates resources between the 
at least one request and the at least one resource based on a credential set. 

18. (Original) The system of claim 1, wherein the session layer mediates resources between the 
at least one request and the at least one resource based on a credential set, and wherein the 
session layer bundles transport layer communications between the at least one resource and 
the at least one request by associating the bundles with the credential set. 

19. (Original) The system of claim 1, further including a multi-level operating system used as a proxy.
20. (Original) The system of claim 1, further including a Session Manager to communicate through higher OSI layers.

21. (Original) The system of claim 1, wherein no physical resource is time-division shared by the at least one resource requester and the at least one resource provider.
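The behaviour recited in claims 1, 2, 9, 13, 17 and 18 (a session layer that maps a requester's authentication to a session-level authorization record, which in turn defines the permitted communications; resource identities masked; transport connections bundled under a credential set; authorizations updated dynamically) can be illustrated with a small broker. The following is an added example written for this page and is not the applicant's code: the class and function names, the credential store, the rulebase and the challenge/HMAC proof are all hypothetical, constructed only to show the mapping from authentication to session-level authorization.

```python
"""Session-layer authorization broker (added illustration, hypothetical names)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample credential store: requester -> (shared secret, credential set).
CREDENTIALS = {
    "alice": (b"alice-secret", frozenset({"analyst"})),
    "bob": (b"bob-secret", frozenset({"analyst", "admin"})),
}

# Constructed sample rulebase: credential -> {real resource name: permitted ops}.
RULEBASE = {
    "analyst": {"db.internal": {"read"}},
    "admin": {"db.internal": {"read", "write"}, "hr.internal": {"read"}},
}


def client_prove(secret: bytes, nonce: bytes) -> bytes:
    """Requester side: prove possession of the shared secret over the nonce."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


@dataclass
class Session:
    session_id: str
    requester: str
    credential_set: frozenset
    handles: dict = field(default_factory=dict)     # opaque handle -> real resource
    permitted: dict = field(default_factory=dict)   # real resource -> allowed ops
    transports: list = field(default_factory=list)  # bundle of transport conn ids
    audit: list = field(default_factory=list)       # (handle, op, allowed) trail


class SessionBroker:
    def __init__(self, credentials, rulebase):
        self.credentials = credentials
        self.rulebase = {k: dict(v) for k, v in rulebase.items()}
        self.sessions = {}
        self.nonces = {}

    def challenge(self, requester: str) -> bytes:
        """Issue a single-use nonce; the proof must be an HMAC over it."""
        nonce = secrets.token_bytes(16)
        self.nonces[requester] = nonce
        return nonce

    def _refresh(self, session: Session) -> None:
        """Re-derive session-level authorization from the current rulebase."""
        permitted = {}
        for cred in session.credential_set:
            for resource, ops in self.rulebase.get(cred, {}).items():
                permitted.setdefault(resource, set()).update(ops)
        session.permitted = permitted
        # Mask resource identities: the requester only ever sees opaque handles.
        for resource in permitted:
            if resource not in session.handles.values():
                session.handles["res-" + secrets.token_hex(4)] = resource

    def open_session(self, requester: str, proof: bytes):
        """Map a successful authentication to a new authorized session."""
        nonce = self.nonces.pop(requester, None)   # consumed even on failure
        entry = self.credentials.get(requester)
        if nonce is None or entry is None:
            return None
        secret, credential_set = entry
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return None
        session = Session(secrets.token_hex(8), requester, credential_set)
        self._refresh(session)
        self.sessions[session.session_id] = session
        return session

    def bind_transport(self, session_id: str, conn_id: str) -> bool:
        """Add a transport connection to the session's bundle."""
        session = self.sessions.get(session_id)
        if session is None:
            return False
        session.transports.append(conn_id)
        return True

    def request(self, session_id: str, handle: str, op: str) -> str:
        """Enforce the session-level authorization on a single request."""
        session = self.sessions.get(session_id)
        if session is None:
            return "no-session"
        resource = session.handles.get(handle)
        if resource is None:
            return "unknown-handle"
        allowed = op in session.permitted.get(resource, set())
        session.audit.append((handle, op, allowed))
        return "allowed" if allowed else "denied"

    def update_rulebase(self, credential: str, resource: str, ops) -> None:
        """Dynamic update: live sessions pick up the new authorization."""
        self.rulebase.setdefault(credential, {})[resource] = set(ops)
        for session in self.sessions.values():
            self._refresh(session)
```

The point worth noticing is that every request is checked against the session's own authorization record, not against the requester's raw identity, and that the requester never receives a real resource name: a denied or unknown handle leaks nothing about what else exists behind the broker.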

22. (Currently Amended) A system for implementing a secure networking data transmission session between a user and a resource provider, comprising:

a virtual air gap comprising a trusted session sub-layer, wherein the trusted sub-layer is implemented within a session layer of a network protocol stack, wherein the trusted sub-layer performs networking data transmission session authorization and maintenance, and wherein the virtual air gap separates requests received from the user from resources provided by the resource provider;

a reverse proxy for data transfer between a user and a resource provider; and

a trusted operating system for networking data transmission session separation, wherein the trusted operating system runs the reverse proxy, and wherein the virtual air gap is implemented as part of the trusted operating system.

23. (Currently Amended) The system of claim 22, wherein the network protocol stack layers associated with the user request below the trusted session sub-layer are unaware of the existence of network protocol stack layers associated with the resource provider below the trusted session sub-layer.

24. (Original) The system of claim 22, wherein the trusted session sub-layer forms a bundle of 
transport layer connections between the user and the resource provider. 

25. (Original) The system of claim 24, wherein a plurality of bundles of transport layer connections are joined to create a meta-session.

26. (Currently Amended) The system of claim 22, wherein the session layer is capable of mapping ports onto itself.

27. (Original) The system of claim 22, wherein the session authorization is dynamically updated. 
28. (Currently Amended) The system of claim 22, wherein no network protocol stack layer below the session layer communicates on a peer to peer level.

29. (Original) The system of claim 22, wherein the trusted session sub-layer maps user authentication using a Secure Core rulebase.

30. (Currently Amended) The system of claim 22, wherein the networking data transmission session authorization is dependent on a network interface type used by the user.

31. (Original) The system of claim 22, wherein the trusted session sub-layer mediates resources 
between the user and the resource provider based on a credential set. 

32. (Original) The system of claim 22, wherein the trusted session sub-layer mediates resources 
between the user and the resource provider based on a credential set, and wherein the trusted 
session sub-layer bundles transport layer communications between the user and the resource 
provider by associating the bundles with the credential set. 

33. (Original) The system of claim 22, further including a multi-level operating system used as a proxy.

34. (Original) The system of claim 22, further including a Session Manager to communicate 
through higher OSI layers. 

35. (Original) The system of claim 22, wherein no physical resource is time-division shared by the user and the resource provider.
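Claims 3, 22 and 23 turn on one concrete property: the requester's transport connection terminates at the reverse proxy, which opens a second, independent transport connection to the resource, so the layers below the session layer on each side peer only with the proxy and never learn the other side's address. The following added example, written for this page and not taken from the applicant, shows that property at the socket level on loopback. The names are hypothetical and the resource provider is a constructed stand-in that simply upper-cases what it receives.

```python
"""Reverse proxy as a virtual air gap between two transport connections
(added illustration, hypothetical names, runs entirely on 127.0.0.1)."""
import socket
import threading


def start_resource():
    """Constructed resource provider: replies with the upper-cased request."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    seen = {}

    def serve():
        conn, peer = srv.accept()
        seen["peer"] = peer            # transport peer as the resource sees it
        with conn:
            conn.sendall(conn.recv(1024).upper())
        srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return srv.getsockname(), seen, thread


def start_proxy(resource_addr):
    """Session-layer relay: one transport connection per side, bridged here."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        client, _ = srv.accept()
        # The upstream connection is a separate TCP session owned by the proxy;
        # nothing below this point is shared between requester and resource.
        with client, socket.create_connection(resource_addr, timeout=5) as upstream:
            upstream.sendall(client.recv(1024))   # requester -> resource
            client.sendall(upstream.recv(1024))   # resource -> requester
        srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return srv.getsockname(), thread


def run_request(payload: bytes = b"hello") -> dict:
    """Drive one request through the proxy and report what each side observed."""
    resource_addr, seen, resource_thread = start_resource()
    proxy_addr, proxy_thread = start_proxy(resource_addr)
    with socket.create_connection(proxy_addr, timeout=5) as client:
        client.sendall(payload)
        reply = client.recv(1024)
        client_local = client.getsockname()
        client_peer = client.getpeername()
    proxy_thread.join(5)
    resource_thread.join(5)
    return {
        "reply": reply,
        "resource_addr": resource_addr,
        "proxy_addr": proxy_addr,
        "client_peer": client_peer,        # what the requester's TCP layer sees
        "resource_peer": seen["peer"],     # what the resource's TCP layer sees
        "client_local": client_local,
    }


if __name__ == "__main__":
    print(run_request())
```

Run it and compare the addresses: the requester's peer is the proxy's listening socket, and the resource's peer is the proxy's outbound socket. Neither endpoint ever holds a transport-layer address of the other, which is the "unaware of the existence of" relationship the claims describe; what the proxy does not copy across (here, everything except the application payload) does not cross the gap.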

36. (Currently Amended) A system for secure networking data transmission utilizing a networking protocol stack, the system comprising:

a trusted session sub-layer, wherein the trusted session sub-layer is implemented within a session layer of the networking protocol stack, and wherein the trusted session sub-layer maintains a virtual air gap between a plurality of resource requesters and a plurality of resource providers; and

a session manager, wherein the session manager controls data transfer between the plurality of resource requesters and the plurality of resource providers.
37. (Original) The system of claim 36, wherein the trusted session sub-layer includes a reverse proxy for transferring data between the plurality of resource requesters and the plurality of resource providers.

38. (Original) The system of claim 36, wherein the trusted session sub-layer forms a bundle of transport layer connections between the plurality of resource requesters and the plurality of resource providers.

39. (Original) The system of claim 38, wherein a plurality of bundles of transport layer connections are joined to create a meta-session.

40. (Original) The system of claim 36, wherein the trusted session sub-layer maps ports onto itself.
41. (Original) The system of claim 40, wherein the trusted session sub-layer associates transport connections for data to pass from the plurality of resource requesters to the plurality of resource providers.

42. (Original) The system of claim 36, wherein authorizations for the plurality of resource 
requesters are dynamically updated. 

43. (Currently Amended) The system of claim 36, wherein no networking protocol stack layer below the session layer communicates on a peer to peer level.

44. (Currently Amended) The system of claim 36, wherein the session layer mediates resources between the plurality of resource requesters and the plurality of resource providers based on a credential set associated with each resource requester, and wherein the session layer bundles transport layer communications between the plurality of resource requesters and the plurality of resource providers by associating the bundles with the credential set associated with each resource requester.

45. (Original) The system of claim 36, wherein no physical resource is time-division shared by the plurality of resource requesters and the plurality of resource providers.

46. (Currently Amended) A system for secure networking data transmission comprising a networking protocol stack, the networking protocol stack comprising:

a rulebase for authenticating authorization of the plurality of resource requesters on a dynamic basis; and

a trusted session sub-layer, wherein the trusted session sub-layer facilitates peer-to-peer communication between a plurality of resource requesters and a plurality of resource providers, wherein the trusted session sub-layer is implemented within the session layer of the networking protocol stack, and wherein the trusted session sub-layer forms a bundle of transport layer connections between the plurality of resource providers and the plurality of resource requesters.

47. (Original) The system of claim 46, wherein the trusted session sub-layer includes a reverse proxy for transferring data between the plurality of resource requesters and the plurality of resource providers.

48. (Currently Amended) The system of claim 46, wherein instances of the networking protocol stack layers can be associated with a resource requester or a resource provider, and wherein networking protocol stack layers below the trusted session sub-layer associated with each resource requester are unaware of the existence of networking protocol stack layers associated with each resource provider below the trusted session sub-layer.

49. (Original) The system of claim 46, wherein the trusted session sub-layer maps ports onto 
itself. 

50. (Original) The system of claim 46, wherein the authorizations for each resource requester are 
dynamically updated. 

51 . (Original) The system of claim 46, wherein no layer below the session layer communicates 
on a peer to peer level. 

52. (Original) The system of claim 46, wherein the session layer mediates resources between the plurality of resource requesters and the plurality of resource providers based on each user's credential set, and wherein the session layer bundles transport layer communications between the plurality of resource requesters and the plurality of resource providers by associating the bundles with each user's credential set.
53. (Currently Amended) A system for secure networking data transmission comprising a networking protocol stack, the networking protocol stack comprising:

a session layer, wherein the session layer facilitates a transfer of data between a plurality of resource requesters and a plurality of resource providers, and wherein the networking protocol stack prohibits peer-to-peer connections below the session layer; and

a trusted session sub-layer, wherein the trusted session sub-layer operates within the session layer and maintains a virtual air gap, and wherein the virtual air gap is implemented such that no physical resources are time-division shared between any resource provider and any resource requester.

54. (Currently Amended) A system for secure networking data transmission within a networking session comprising a networking protocol stack, the networking protocol stack comprising:

a session layer, wherein the session layer maps authentication of at least one request to networking session level authorization, and wherein the authorization defines permitted communications between at least one resource and the at least one request.

55. (Currently Amended) A system for secure networking data transmission, wherein the networking data transmission comprises a plurality of networking sessions, the system comprising a networking protocol stack, the networking protocol stack comprising:

a virtual air gap, wherein the virtual air gap is provided by a trusted session sub-layer, wherein the trusted session sub-layer is implemented as a sub-layer of the session layer of the networking protocol stack, and wherein the trusted session sub-layer performs networking session authorization and maintenance;

a trusted operating system for implementing separation of the plurality of networking sessions; and

a reverse proxy, wherein the reverse proxy facilitates data transfer between a user and a resource provider.

56. (Currently Amended) A system for secure networking data transmission comprising a networking protocol stack, the networking protocol stack comprising:

a trusted session sub-layer, wherein the trusted session sub-layer is implemented within the session layer of the networking protocol stack, and wherein the trusted session sub-layer maintains a virtual air gap between a plurality of resource requesters and a plurality of resource providers; and

a session manager, wherein the session manager manages transferring data between the plurality of resource requesters and the plurality of resource providers.

57. (Currently Amended) A system for secure networking data transmission comprising a networking protocol stack, the networking protocol stack comprising:

a rulebase for authenticating authorization of the plurality of resource requesters on a dynamic basis; and

a trusted session sub-layer, wherein the trusted session sub-layer is implemented within the session layer of the networking protocol stack, wherein the trusted session sub-layer facilitates peer-to-peer communication between a plurality of resource requesters and a plurality of resource providers, and wherein the trusted session sub-layer forms a bundle of networking protocol stack transport layer connections between the plurality of resource providers and the plurality of resource requesters.

58. (Currently Amended) A system for secure networking data transmission comprising a networking protocol stack, the networking protocol stack comprising:

a session layer, wherein the session layer facilitates data transfer between a plurality of resource requesters and a plurality of resource providers, and wherein the session layer comprises a trusted session sub-layer, wherein the trusted session sub-layer maintains a virtual air gap, and wherein the virtual air gap is configured such that physical resources are not time-division shared between any resource provider and any resource requester;

wherein the networking protocol stack prevents peer-to-peer connections from existing below the session layer.

59. (Currently Amended) A computer program product for secure networking data transmission, the computer program product implementing a networking protocol stack, the networking protocol stack comprising:

a computer usable medium having computer readable program code embodied in the computer usable medium, wherein the computer readable program code causes an application program to execute on a computer system, the computer readable program code comprising computer readable program networking session layer code, wherein the networking session layer code facilitates mapping authentication of at least one request to networking session level authorization, wherein the networking session level authorization defines permitted communications between at least one resource and the at least one request.

60. (Currently Amended) A computer program product for secure networking data transmission among a plurality of networking sessions, the computer program product implementing a networking protocol stack, the networking protocol stack comprising:

a computer usable medium having computer readable program code embodied in the computer usable medium, wherein the computer readable program code causes an application program to execute on a computer system, the computer readable program code implementing a trusted session sub-layer, wherein the trusted session sub-layer facilitates network session authorization and maintenance, whereby the trusted session sub-layer creates a virtual air gap;

a trusted operating system for networking session separation; and

computer readable program code implementing a reverse proxy, wherein the reverse proxy coordinates data transfer between a user and a resource provider.
61. (Currently Amended) A computer program product for secure networking data transmission, the computer program product implementing a networking protocol stack, the networking protocol stack comprising:

a computer usable medium having computer readable program code embodied therein, wherein the computer readable program code causes an application program to execute on a computer system, the computer readable program code comprising computer readable program code implementing a trusted session sub-layer within a session layer of the networking protocol stack, wherein the trusted session sub-layer maintains a virtual air gap between a plurality of resource requesters and a plurality of resource providers; and

computer readable program code implementing a session manager, wherein the session manager transfers data between the plurality of resource requesters and the plurality of resource providers.

62. (Currently Amended) A computer program product for secure networking data transmission, the computer program product implementing a networking protocol stack, the networking protocol stack comprising:

a computer usable medium having computer readable program code embodied therein, wherein the computer readable program code causes an application program to execute on a computer system, wherein the computer readable program code comprises computer readable program code implementing a trusted session sub-layer as part of a session layer of the networking protocol stack, wherein the trusted session sub-layer facilitates peer-to-peer communication between a plurality of resource requesters and a plurality of resource providers, wherein the trusted session sub-layer is capable of forming a bundle of transport layer connections between the plurality of resource providers and the plurality of resource requesters; and

a rulebase for authenticating authorization of the plurality of resource requesters on a dynamic basis.

63. (Currently Amended) A computer program product for secure networking data transmission, the computer program product implementing a networking protocol stack, the networking protocol stack comprising:

a computer usable medium having computer readable program code embodied therein, wherein the computer readable program code causes an application program to execute on a computer system, the computer readable program code comprising computer readable program code implementing a networking protocol stack session layer, wherein the networking protocol stack session layer transfers data between a plurality of resource requesters and a plurality of resource providers, wherein the networking protocol stack is implemented such that peer-to-peer connections are not permitted below the networking protocol stack session layer; and

computer readable program code implementing a trusted session sub-layer, wherein the trusted session sub-layer is implemented within the networking protocol stack session layer, and wherein the trusted session sub-layer maintains a virtual air gap, wherein the virtual air gap is configured such that physical resources are not time-division shared between any resource provider and any resource requester.

64. (Currently Amended) A method for secure networking data transmission comprising:

initiating a networking session; and

mapping authentication of at least one request to networking session level authorization in a networking protocol stack session layer, the authorization defining permitted communications between at least one resource and the at least one request within the networking session.